DOCSLIB.ORG

Read the 2021 PPPM Digest

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Read the 2021 PPPM Digest PRIVACY PAPERS FOR POLICYMAKERS 2020 This material is based upon work supported by the National Science Foundation under Grant No. 1837413. February 10, 2021 We are pleased to introduce FPF’s 11th annual Privacy Papers for Policymakers. Each year we invite privacy scholars and authors to submit scholarship for consideration by a committee of reviewers and judges from the FPF Advisory Board. The selected papers are those judged to contain practical analyses of emerging issues that policymakers in Congress, in federal agencies, at the state level and internationally should find useful. This year’s winning papers examine a variety of topical privacy issues: • One paper explores the legal and policy questions related to a new era of student surveillance, which is being fueled by machine learning. • Another paper sets out proposals for how Asian stakeholders may promote greater consistency between their respective laws and regulations on international transfers of personal data in the region. • A third paper discusses the human rights implications of technologies like virtual reality and augmented reality, as well as actions that the industry and lawmakers can take to preserve human rights. • A fourth paper provides a comprehensive account of the ways in which privacy impacted technological and public health responses to the COVID-19 crisis to expose the need for reforms in privacy law. • Another paper evaluates the recent Schrems II decision and proposes ways that U.S. surveillance law can be adapted to meet the standards of the European Court of Justice and establish a lasting foundation for data transfers in trans-Atlantic commerce. • The sixth winning paper urges the creation of fiduciary relationships between consumers and companies that would increase company liability for data protection failures. For the fifth year in a row, we are proud to continue highlighting student work by honoring another excellent paper. The winning paper Personal Identifiability of User Tracking Data During Observation of 360-Degree VR Video (Miller, et al.) offers insight into how using only the position tracking data, they found that even with more than 500 participants to choose from, a simple machine learning model can identify participants from less than five minutes of tracking data at above 95% accuracy. We thank the scholars, advocates, and Advisory Board members who are engaged with us to explore the future of privacy. Christopher Wolf Jules Polonetsky Chairman, FPF Board of Directors Chief Executive Officer, FPF Privacy Papers for Policymakers 2020 1 Future of Privacy Forum Advisory Board Alessandro Acquisti John Breyault Peggy Eisenhauer Associate Professor of Information Technology & Vice President, Public Policy Telecommunications Founder Public Policy and Fraud Privacy & Information Management Services Carnegie Mellon University's Heinz College National Consumers League Jimma Elliott-Stevens Nicholas Ahrens Julie Brill General Counsel, Chief Compliance & Privacy Officer Vice President, Innovation Corporate Vice President, Deputy General Counsel Global Thomson Reuters Retail Industry Leaders Association Privacy and Regulatory Affairs, and Chief Privacy Officer Keith Enright Sharon Anolik Microsoft Corporation Chief Privacy Officer Founder & President Jill Bronfman Google Privacy Panacea Privacy Counsel Kristen Erbes Annie Antón Common Sense Media Chief Privacy Officer Professor of Computer Science Stuart N. Brotman Cambia Health Solutions Georgia Institute of Technology Howard Distinguished Endowed Professor Patrice Ettinger Justin Antonipillai University of Tennessee, Knoxville Chief Privacy Officer Founder & Chief Executive Officer Ryan Calo Pfizer, Inc. WireWheel Associate Professor of Law Joshua Fairfield Jocelyn Aqua University of Washington School of Law William Donald Bain Family Professor of Law Privacy and Ethics Leader Andres Castrillon Washington & Lee University School of Law PricewaterhouseCoopers LLP Senior Manager, Federal Government Relations Anne Fealey Vivienne Artz Stellantis Global Chief Privacy Officer Chief Privacy Officer Ann Cavoukian, Ph.D. Citi Refinitiv Executive Director, Privacy and Big Data Institute Heather Federman Joe Ashkouti Ryerson University Vice President of Privacy & Policy Senior Managing Counsel, Enterprise Functions & Anupam Chander BigID Chief Privacy Officer Professor of Law Lindsey Finch Change Healthcare Georgetown University Executive Vice President, Global Privacy & Product Legal Stephen Balkam Mary Chapin Salesforce Chief Legal Officer, Vice President & Corporate Secretary Founder & Chief Executive Officer Leo Fitzsimon Family Online Safety Institute National Student Clearinghouse Government Relations - Americas Kenneth Bamberger Danielle Keats Citron Here Jefferson Scholars Foundation Schenck The Rosalinde and Arthur Gilbert Foundation, Renard François Professor of Law Co-Director of the Berkeley Center Distinguished Professor in Law Managing Director, Global Chief Privacy Officer for Law and Technology University of Virginia School of Law JPMorgan Chase University of California Berkeley School of Law FPF Senior Fellow Dona Fraser Kabir Barday Member, FPF Education & Innovation Foundation Board of Directors Senior Vice President, Privacy Initiatives Founder, President, & Chief Executive Officer BBB National Programs OneTrust Sheila Colclasure Leigh Parsons Freund Kelby Barton Global Chief Digital Responsibility and Public Policy Officer IPG Kinesso President & Chief Executive Officer General Counsel Network Advertising Initiative Avast Barbara Cosgrove Christine Frye Alisa Bergman Vice President, Chief Privacy Officer Workday Senior Vice President, Chief Privacy Officer Vice President, Chief Privacy Officer Bank of America Adobe Systems Inc. Lorrie Cranor Kelly Gertridge Elise Berkower (1957–2017) Professor of Computer Science and of Engineering and Public Policy Head of Privacy Associate General Counsel Atlassian Nielsen Carnegie Mellon University’s Heinz College Megan Cristina Deborah Gertsen Debra Berlyn Counsel - Corporate Compliance Office - Privacy President Vice President & Chief Legal Officer Ford Motor Company Consumer Policy Solutions Slack Treasurer, FPF Board of Directors Mark Crosbie John Gevertz Treasurer, FPF Education & Innovation Foundation Data Protection Officer Senior Vice President, Chief Privacy Officer Board of Directors Dropbox Visa Andrew Bloom Mary Culnan Shoshana Gillers Vice President & Chief Privacy Officer Professor Emeritus Chief Privacy Officer McGraw-Hill Education Bentley University TransUnion Douglas Bloom Vice President, FPF Board of Directors, Carolina Giuga Executive Director and Co-Head of Cybersecurity Vice President, FPF Education & Innovation Director, Government & Public Affairs, Americas and Privacy Foundation Board of Directors, FPF Senior Fellow LEGO Morgan Stanley Rachel Cummings Eric Goldman Brent Bombach Assistant Professor of Industrial and Systems Engineering Associate Dean of Research, Professor of Law and Senior Director, Government Relations and Public Policy Georgia Institute of Technology Co-Director, High Tech Law Institute NEC Corporation of America Andy Dale Santa Clara University School of Law Axel du Boucher General Counsel, Head of Strategic Partnerships Melissa M. Goldstein Group Data Protection Officer Alyce Associate Professor, Department of Health Policy Criteo Laurie Dechery and Management George Washington University Law School Claire Borthwick Associate General Counsel Senior Counsel Shutterfly, Inc. Scott Goss GoGuardian Jolynn Dellinger Vice President, Privacy Counsel Qualcomm Claire McKay Bowen, Ph.D. Stephen and Janet Bear Visiting Lecturer and Kenan Lead Data Scientist, Privacy and Data Security Senior Fellow John Grant Urban Institute The Kenan Institute for Ethics at Duke University Civil Liberties Engineer Bruce Boyden Sara DePaul Palantir Technologies Assistant Professor of Law Associate General Counsel and Senior Director of Meredith Grauer Marquette University Technology Policy Chief Privacy Officer Software & Information Industry Association Anne Bradley Nielsen Vice President, Chief Privacy Officer & Global Michael Dolan Kimberly Gray Counsel Nike Direct Senior Director, Head of Enterprise Privacy Chief Privacy Officer, Global Nike Best Buy IQVIA Tarryn Brennon Erin Egan Lynn Haaland Chief Privacy Officer, Senior Vice President, Vice President & Chief Privacy Officer, Policy Deputy General Counsel, Chief Compliance and Associate General Counsel Facebook, Inc. Ethics Officer, Chief Privacy Officer Pearson Zoom Video Communications Privacy Papers for Policymakers 2020 2 Future of Privacy Forum Advisory Board (continued) Sara Harrington Mark Kahn Michael McCullough Legal - Head of Users, Product & Privacy General Counsel and Vice President of Policy Chief Privacy Officer & Governance, Risk Management, Stripe Segment and Compliance Leader Cathleen Hartge Damien Kieran Macy's, Inc. Head of Legal Chief Privacy Officer and Global Data Protection Officer William McGeveran Branch Twitter Associate Dean for Academic Affairs and Julius E. Woodrow Hartzog Anne Klinefelter Davis Professor of Law Professor of Law and Computer Science Director of the Law Library, Henry P. Brandis University of Minnesota Law School Northeastern University School of Law Distinguished Professor of Law Zoe McMahon Ben Hayes University of North Carolina Chief Privacy and Data Protection Officer Chief Privacy Officer Karen Kornbluh HP Inc. Zeta Global Founding Director, Digital Innovation and Christin McMeley Eric Heath Democracy Initiative
Load more

Recommended publications
  • White Paper Swire US EU Surveillance
    December 17, 2015 US Surveillance Law, Safe Harbor, and Reforms Since 2013 Peter Swire1 Executive Summary: This White Paper is a submission to the Belgian Privacy Authority for its December 18, 2015 Forum on “The Consequences of the Judgment in the Schrems Case.”2 The Forum discusses the decision by the European Court of Justice in Schrems v. Data Protection Commissioner3 that the EU/US Safe Harbor was unlawful under the EU Data Protection Directive, particularly due to concerns about US surveillance law. For the Forum, I have been asked to comment on two issues: 1) Is US surveillance law fundamentally compatible with E.U. data protection law? 2) What actions and reforms has the US taken since the Snowden revelations began in June 2013? The White Paper draws on my background as a scholar of both EU data protection law and US surveillance law. It addresses serious misunderstandings of US national security law, reflected in official statements made in the Schrems case and elsewhere. It has three chapters: (1) The fundamental equivalence of the United States and EU member States as constitutional democracies under the rule of law. In the Schrems decision, the US was criticized for failing to ensure “a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order.” This chapter critiques that finding, instead showing that the United States has strict rule of law, separation of powers, and judicial oversight of law enforcement and national security 1 Peter Swire is the Huang Professor of Law and Ethics at the Georgia Tech Scheller College of Business and a Senior Fellow of the Future of Privacy Forum.
    [Show full text]
  • Compliance & Legal Sections Annual Virtual Meeting 2020
    Compliance & Legal Sections Annual Virtual Meeting 2020 Registration List Name Title Company City/State Kristin M. Abbott Director, Compliance & Regulatory Affairs ACLI Washington, DC Amber L. Adams VP, Chief Legal Counsel, Chief Compliance American-Amicable Life Insurance Company of Waco, TX Officer & Asst Corporate Secretary Texas Dwain A. Akins Senior Vice President, Chief Corporate American National Insurance Company Galveston, TX Compliance Officer Joseph Arite Director, Legislative Relations Guarantee Trust Life Insurance Company Glenview, IL Kate Austin Senior Counsel Allianz Minneapolis, MN Randi J. Bader Vice President & Associate General New York Life New York, NY Counsel Lauren A. Barbaruolo Corporate Counsel & Director, Compliance Oxford Life Insurance Company Phoenix, AZ Chad Batterson Vice President, Compliance Athene Annuity and Life Company West Des Moines, IA Erin Baum Consultant, Ethics & Compliance CUNA Mutual Group Madison, WI John Baumgardner Supervisor, Compliance Team Standard Insurance Company Portland, OR Simon Berry Senior Counsel Great American Life Insurance Company Cincinnati, OH Mona Bhalla Deputy Superintendent Life Insurance New York State Department of Financial Services New York, NY Division Laura Blahosky Compliance Counsel, Compliance & Federated Life Insurance Company Owatonna, MN Government Relations Lester L. Bohnert General Counsel Modern Woodmen of America Rock Island, IL Timothy H. Bolden Vice President, Chief Compliance Officer American Fidelity Assurance Company Oklahoma City, OK Patricia Diane Boyette Vice President, Chief Compliance Officer Southern Farm Bureau Life Jackson, MS Corinne L. Brand Counsel State Farm Bloomington, IL 12/14/2020 American Council of Life Insurers acli.com Page 1 Compliance & Legal Sections Annual Virtual Meeting 2020 Registration List Name Title Company City/State JoAnne Breese-Jaeck Chief Privacy Officer Northwestern Mutual Milwaukee, WI Kermitt J.
    [Show full text]
  • 7 October 2019 Dear Mr. Zuckerberg, OPEN LETTER
    7 October 2019 Dear Mr. Zuckerberg, OPEN LETTER: FACEBOOK’S END-TO-END SECURITY PLANS The organizations below write today to encourage you, in no uncertain terms, to continue increasing the end-to-end security across Facebook’s messaging services. We have seen requests from the United States, United Kingdom, and Australian governments ​ asking you to suspend these plans “until [Facebook] can guarantee the added privacy does not reduce public safety”. We believe they have this entirely backwards: each day that platforms do not support strong end-to-end security is another day that this data can be breached, mishandled, or otherwise obtained by powerful entities or rogue actors to exploit it. Given the remarkable reach of Facebook’s messaging services, ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values, and we urge you to proceed with your plans to encrypt messaging through Facebook products and services. We encourage you to resist calls to create so-called ​ “backdoors” or “exceptional access” to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users. Sincerely, 1. 7amleh-The Arab Center for Social Media Advancement 2. Access Now 3. ACM US Technology Policy Committee 4. ACT | The App Association 5. AfroLeadership 6. Alternatives 7. American Civil Liberties Union 8. Americans for Prosperity 9. APADOR-CH 10. ARTICLE 19 11. Asociación Argentina de Usuarios de Internet - Internauta Argentina 12. Asociación Colombiana de Usuarios de Internet 13. Asociación por los Derechos Civiles (ADC), Argentina 14.
    [Show full text]
  • NOTHING to HIDE: Tools for Talking (And Listening) About Data Privacy for Integrated Data Systems
    NOTHING TO HIDE: Tools for Talking (and Listening) About Data Privacy for Integrated Data Systems OCTOBER 2018 Acknowledgements: We extend our thanks to the AISP Network and Learning Community, whose members provided their support and input throughout the development of this toolkit. Special thanks to Whitney Leboeuf, Sue Gallagher, and Tiffany Davenport for sharing their experiences and insights about IDS privacy and engagement, and to FPF Policy Analyst Amy Oliver and FPF Policy Intern Robert Martin for their contributions to this report. We would also like to thank our partners at Third Sector Capital Partners and the Annie E. Casey Foundation for their support. This material is based upon work supported by the Corporation for National and Community Service (CNCS). Opinions or points of view expressed in this document are those of the authors and do not necessarily reflect the official position of, or a position that is endorsed by, CNCS or the Social Innovation Fund. TABLE OF CONTENTS Introduction ............................................................................................................................................................................................................................. 2 Why engage and communicate about privacy? ................................................................................................................................................. 2 Using this toolkit to establish social license to integrate data .....................................................................................................................
    [Show full text]
  • January 11, 2015 President Barack Obama the White House 1600 Pennsylvania Avenue NW Washington, DC 20500 Access Now 1110 Vermont
    January 11, 2015 President Barack Obama The White House 1600 Pennsylvania Avenue NW Washington, DC 20500 Access Now 1110 Vermont Avenue NW Suite 500 Washington, DC 20005 Dear President Obama, We urge you to protect the security of your citizens, your economy, and your government by supporting the development and use of secure communications tools and technologies, rejecting policies that would prevent or undermine the use of strong encryption, and urging other leaders to do the same. Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access. The ability to freely develop and use encryption provides the cornerstone for today’s global economy. Economic growth in the digital age is powered by the ability to trust and authenticate our interactions and communicate and conduct business securely, both within and across borders. Some of the most noted technologists and experts on encryption recently explained that laws or policies that undermine encryption would “force a U-turn from the best practices now being deployed to make the Internet more secure,” “would substantially increase system complexity” and raise associated costs, and “would create concentrated targets that could attract bad actors.”1 The absence of encryption facilitates easy access to sensitive personal data, including financial and identity information, by criminals and other malicious actors. Once obtained, sensitive data can be sold, publicly posted, or used
    [Show full text]
  • Kids & the Connected Home
    KIDS & THE CONNECTED HOME: PRIVACY IN THE AGE OF CONNECTED DOLLS, TALKING DINOSAURS, AND BATTLING ROBOTS DECEMBER 2016 Acknowledgements Future of Privacy Forum (FPF) and Family Online Safety Institute (FOSI) would like to thank the participants and attendees of "Kids and the Connected Home" (July 20, 2016), as well as the following individuals who contributed to the research and analysis in this paper: Carolina Alonso, Legal & Policy Fellow, Future of Privacy Forum Stacey Gray, Policy Counsel, Future of Privacy Forum Emma Morris, Global Policy Manager, Family Online Safety Institute Jennifer Hanley, Director, Legal & Policy Family Online Safety Institute Steven Anderson, Legal Intern, Future of Privacy Forum Hengyi Jiang, Legal Intern, Future of Privacy Forum Emily S. Tabatabai, Of Counsel, Orrick Herrington & Sutcliffe TABLE OF CONTENTS Executive Summary ............................................................................................................................................... 1 I. The Landscape: Connected Toys Are Increasingly Popular and Often Use Children's Data to Enable Interactive Play ................................. ....................................................................................................... 2 Connected Toys Differ from Other Toys Because They Collect, Use, and Share Data Via the Internet. ................................ ................................................................................................................ 2 Connected Toys Use a Variety of Technical Methods
    [Show full text]
  • Binding Corporate Rules for Employees
    Employee Privacy Rules version April 2011 SHELL EMPLOYEE PRIVACY RULES Contents 1 Article 1 – Scope and Applicable Law ................................................ 2 2 Article 2 – Purposes for Processing Employee Data ............................... 3 3 Article 3 – Processing Sensitive Data ................................................ 5 4 Article 4 – Additional requirements for Processing Data of Dependants ....... 5 Article 5 – Employee Consent ......................................................... 7 6 Article 6 – Quantity and Quality of Data ............................................ 9 7 Article 7 – Information Requirements .............................................. 10 8 Article 8 – Employee Rights of Access and Rectification .......................... 9 Article 9 – Security and Confidentiality Requirements ......................... 12 10 Article 10 – Automated Decision Making ........................................... 12 11 Article 11 – Transfer of Employee Data to Third Parties ....................... 13 12 Article 12 – Overriding Interests ..................................................... 15 13 Article 13 – Supervision and Compliance .......................................... 17 14 Article 14 – Complaints procedure .................................................. 17 15 Article 15 – Remedies .................................................................. 18 16 Article 16 – Sanctions for non compliance ......................................... 20 17 Article 17 – Effective Date, Transition Periods and publication
    [Show full text]
  • 2020 Proxy Statement
    2020 Proxy Statement Dear Fellow Owner: Welcome to Truist! We are inviting you to attend the Annual Meeting of Shareholders of Truist Financial Corporation at 11:00 a.m. (EDT) on Tuesday, April 28, 2020. This year’s meeting will be held at the Belk Theater at the Blumenthal Performing Arts Center, 130 N. Tryon Street, Charlotte, North Carolina 28202. Shareholders as of the record date of February 21, 2020 are invited to attend. Last year, we made banking history by combining two forward-looking and like-minded companies – BB&T and SunTrust – to create Truist, a premier financial institution driven by a strong shared culture to accelerate our relentless pursuit of innovation. Now, we have an incredible opportunity to fulfill the Truist purpose to inspire and build better lives and communities. Our merger of equals created the nation’s sixth largest commercial bank, serving 10 million consumer households and a full range of business clients in many of the nation’s highest growth markets. Truist will chart a new course in our industry as we seamlessly blend a high level of personal touch with cutting-edge technology to build a higher level of trust with our clients. We are truly better together. We wanted to take this opportunity to thank President and Chief Operating Officer William H. Rogers, Jr. (“Bill”) for the extraordinary opportunity he has helped create for our shareholders, teammates and communities. As SunTrust’s CEO, Bill’s vision and leadership was essential to build the foundation for successfully bringing together the two great heritages of BB&T and SunTrust.
    [Show full text]
  • Notice of Annual and Special Meeting of Shareholders of Information Services Corporation to Be Held on May 17, 2017 and Management Information Circular
    Notice of Annual and Special Meeting of Shareholders of Information Services Corporation to be held on May 17, 2017 and Management Information Circular April 12, 2017 isc.ca TSX:ISV 202106_CF_ISC_MIC_NEW | Black | 10-Apr-1712:27:31 Contents Page Letter to Shareholders 3 Notice of Annual and Special Meeting 4 Management Information Circular 5 About the Meeting 6 Who Can Vote 6 Appointment of Directors by Province of Saskatchewan 7 Principal Owners of Class A Shares 7 How to Vote 7 Electing Our Directors 11 Appointing Our Auditors 20 Approval of Amended and Restated Stock Option Plan 21 Corporate Governance and Board Committees 25 Director Compensation 29 Executive Officers 32 Compensation Discussion and Analysis 34 Employee Agreements, Termination and Change of Control Benefits 47 Securities Authorized for Issuance Under Equity Compensation Plans 48 Additional Information 49 Appendix A – Amended and Restated Stock Option Plan 50 2 ISC®MANAGEMENT INFORMATION CIRCULAR 2017 202106_CF_ISC_MIC_NEW | Black | 10-Apr-1712:27:31 April 12, 2017 Dear Shareholder: We are pleased to invite you to the annual and special meeting of shareholders of Information Services Corporation (“ISC”), which will be held at 9:00 a.m. (Saskatchewan time/MDT) on May 17, 2017, at Innovation Place, 6 Research Drive, Regina, Saskatchewan. The annual and special meeting is an opportunity to consider matters of importance to ISC and shareholders. We look forward to your participation in person or by proxy at the meeting. You are encouraged to read the accompanying Management Information Circular in advance of the meeting, which describes the business to be conducted at the meeting and provides information on ISC’s approach to executive compensation and governance practices.
    [Show full text]
  • Annual Privacy Report
    U.S. DEPARTMENT OF JUSTICE ANNUAL PRIVACY REPORT THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER AND THE OFFICE OF PRIVACY AND CIVIL LIBERTIES OCTOBER 1, 2016 – SEPTEMBER 30, 2020 1 (MULTI) ANNUAL PRIVACY REPORT MESSAGE FROM THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER I am pleased to present the Department of Justice’s (Department or DOJ) Annual Privacy Report, describing the operations and activities of the Chief Privacy and Civil Liberties Officer (CPCLO) and the Office of Privacy and Civil Liberties (OPCL), in accordance with Section 1174 of the Violence Against Women and Department of Justice Reauthorization Act of 2005. This report covers the period from October 1, 2016, through September 30, 2020. The Department’s privacy program is supported by a team of dedicated privacy professionals who strive to build a culture and understanding of privacy within the complex and diverse mission work of the Department. The work of the Department’s privacy team is evident in the care, consideration, and dialogue about privacy that is incorporated in the daily operations of the Department. During this reporting period, there has been an evolving landscape of technological development and advancement in areas such as artificial intelligence, biometrics, complex data flows, and an increase in the number of cyber security events resulting in significant impacts to the privacy of individuals. Thus, the CPCLO and OPCL have developed new policies and guidance to assist the Department with navigating these areas, some of which include the following:
    [Show full text]
  • Global Privacy Code (Uk)
    JPMorgan Chase & Co GLOBAL PRIVACY CODE (UK) The JPMC Global Code of Conduct expresses JPMC’s commitment to conduct its business in accordance with high ethical standards and in accordance with applicable laws and JPMC policies, including with respect to the protection of personal information. This Privacy Code explains how JPMC will protect the personal information of its employees, customers, suppliers, business partners and related individuals in its role of data controller. Capitalized terms have the meaning set out in Annex 1 (Definitions). ARTICLE 1 – SCOPE, APPLICABILITY, AND IMPLEMENTATION Scope 1.1 This Privacy Code applies to JPMC’s global Processing of personal information as a Data Controller, with respect to (a) Customers, Suppliers, Business Partners, and other individuals in the context of its business activities and (b) Employees and their Dependents in the context of Employees’ working relationship with JPMC, in each case where such personal information is subject to UK Data Protection Law (or was subject to UK Data Protection Law prior to the transfer of such personal information to a Group Company outside of the UK) (respectively, CSB Information and Employee Information; together, Personal Information). This Privacy Code applies to the Processing of Personal Information by electronic means or in systematically accessible paper-based filing systems. The Privacy Code covers all types of Personal Information which JPMC Processes in the context of its business activities and employment relationships. The Personal Information
    [Show full text]
  • Privacy Officer Job Description, Role and Responsibility
    Privacy Officer Job Description, Role and Responsibility Presentation by: Brent Saunders Karen Owen Dunlop S I D L E Y & A U S T I N HIPAA requires health care organizations that transmit or maintain “protected health information” to designate a “Privacy Official” Chief Privacy Officer “CPO” ♦ A high-level Management or Officer Position ♦ The focal point for privacy compliance-related activities Privacy Official Duties: Big Picture ♦ Implementing corporate policies and procedures ♦ Conducting educational programs ♦ Auditing and administering privacy program reviews Privacy Official Access ♦ Board ♦ Chief Compliance Officer ♦ General Counsel ♦ Chief Operating Officer Role Reflects Entity ♦ Size ♦ Structure ♦ Composition ♦ Lines of service ♦ Current and potential exposure to Protected Health Information – “PHI” Role of the CPO ⇒ GENERAL: ♦ Leadership for privacy program ♦ Compliance related to privacy, security, confidentiality ♦ Liaison to regulatory and accrediting bodies Continued... ⇒ GENERAL: ♦ Collaborate on cyber privacy and security policies and procedures ♦ Monitor systems development and operations for security and privacy compliance ♦ Counsel relating to business partner contracts Role of the CPO ⇒ SPECIFIC ♦ Develop Corporate Privacy Policies & Procedures ♦ Handling (acquisition and management) of PHI; Corporation’s Notice of Information practices ♦ Use and disclosure of PHI Continued... ⇒ Specific: ♦ Individual requests for Restriction of Use and Disclosure of PHI ♦ Access/Inspection/Copying of PHI ♦ Amendment/correction of PHI ♦ Accounting of Disclosures ♦ Record-keeping Procedures ♦ Administrative Procedures Access/Disclosure Verification Procedures ♦ Individual requesting access who is the subject of the protected health information ♦ Emergency circumstances, including next-of-kin ♦ Power-of-attorney/legal authority Continued... Access/Disclosure Verification Procedures ♦ Public health oversight bodies ♦ Coroners and Medical Examiners for law enforcement ♦ Government health data systems for specific classes of information Continued..
    [Show full text]